Re: Last Call: draft-klensin-rfc2821bis

John Levine <johnl@iecc.com> Sun, 30 March 2008 23:21 UTC

Date: Sun, 30 Mar 2008 23:21:03 -0000
Message-ID: <20080330232103.92407.qmail@simone.iecc.com>
From: John Levine <johnl@iecc.com>
To: ietf@ietf.org
Subject: Re: Last Call: draft-klensin-rfc2821bis
In-Reply-To: <Pine.LNX.4.33.0803301407500.19027-100000@egate.xpasc.com>

>> to non-mail domains is significant.  I have at least one host name
>> that was never a mail domain, but since it used to appear in usenet
>> headers it gets over 30,000 spams a day, every day.
>
>I'm not convinced you've identified causality ... only correlation.

The causality is that its name was scraped out of a zillion usenet
archives.  Much of the mail it gets is to addresses that are actually old
message-id's.  Other hosts that don't have names don't get hit at all.

> I suspect that many spam sources routinely 'scan' for open port 25s
>and send mail .. 

I haven't seen that in an extremely long time, and I log the port 25
connect attempts to non-servers on my network.  It sees plenty of port
25 attempts, but they're all to the scraped hosts and stale MXes.
Spammers have gargantuan spam lists and use the regular MX/A lookup,
sometimes using very stale precached MX lists.

> For your web mail, make the right headers so that a reply will
> work. Or arrange to have the mail depart from a valid mail server.

Um, I've been doing that for rather a long time.  That's unrelated to
the scraped address problem.

R's,
John